global
    maxconn                 {{ 10000 * ansible_processor_vcpus|int }}
    log                     127.0.0.1 local0

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option                  http-server-close
    option                  redispatch
    retries                 5
    timeout http-request    5m
    timeout queue           5m
    timeout connect         30s
    timeout client          15m
    timeout server          15m
    timeout http-keep-alive 30s
    timeout check           30s
    maxconn                 {{ 10000 * ansible_processor_vcpus|int }}

listen stats
    bind 0.0.0.0:{{ lb_haproxy_stats_bind_address }}
    mode http
    balance {{ lb_haproxy_balance_alg }}
    stats enable
    stats refresh {{ lb_haproxy_stats_refresh }}s
    stats uri {{ lb_haproxy_stats_uri }}
    stats auth {{ lb_haproxy_stats_user }}:{{ lb_haproxy_stats_password }}
    stats admin if TRUE

{% if lb_kube_apiserver_healthcheck_port is defined -%}
frontend healthz
    bind 127.0.0.1:{{ lb_kube_apiserver_healthcheck_port }}
    mode http
    monitor-uri /healthz
{% endif %}

frontend kube_api_frontend
    bind {% if inventory_hostname in groups['lb'] %}0.0.0.0{% else %}127.0.0.1{% endif %}:{{ lb_kube_apiserver_port }}
    mode tcp
    option tcplog
    default_backend kube_api_backend

backend kube_api_backend
    mode tcp
    balance {{ lb_haproxy_balance_alg }}
    default-server inter 15s downinter 15s rise 2 fall 2 slowstart 60s maxconn 1000 maxqueue 256 weight 100
    option httpchk GET /healthz
    http-check expect status 200
{% for host in (groups['kube-master'] + groups['new-master']) %}
    server {{ host }} {% if hostvars[host]['ansible_host'] is defined %}{{ hostvars[host]['ansible_host'] }}{% else %}{{ host }}{% endif %}:6443 check check-ssl verify none
{% endfor %}

{% if enabel_ingress_nodeport_lb | bool %}
listen ingress_http
    bind 0.0.0.0:80
    mode tcp
    option tcplog
    balance {{ lb_haproxy_balance_alg }}
{% for host in (groups['kube-worker'] + groups['new-worker']) %}
    server {{ host }} {% if hostvars[host]['ansible_host'] is defined %}{{ hostvars[host]['ansible_host'] }}{% else %}{{ host }}{% endif %}:{{ ingress_controller_http_nodeport }} check inter 2000 fall 2 rise 2 weight 1
{% endfor %}
{% endif %}

{% if enabel_ingress_tls_nodeport_lb | bool %}
listen ingress_https
    bind 0.0.0.0:443
    mode tcp
    option tcplog
    balance {{ lb_haproxy_balance_alg }}
{% for host in (groups['kube-worker'] + groups['new-worker']) %}
    server {{ host }} {% if hostvars[host]['ansible_host'] is defined %}{{ hostvars[host]['ansible_host'] }}{% else %}{{ host }}{% endif %}:{{ ingress_controller_https_nodeport }} check inter 2000 fall 2 rise 2 weight 1
{% endfor %}
{% endif %}